EP2040431B1 - A system and method for the multi-service access - Google Patents
A system and method for the multi-service access Download PDFInfo
- Publication number
- EP2040431B1 EP2040431B1 EP07764172A EP07764172A EP2040431B1 EP 2040431 B1 EP2040431 B1 EP 2040431B1 EP 07764172 A EP07764172 A EP 07764172A EP 07764172 A EP07764172 A EP 07764172A EP 2040431 B1 EP2040431 B1 EP 2040431B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- controller
- node
- control
- user
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims description 65
- 230000008569 process Effects 0.000 claims description 31
- 238000000926 separation method Methods 0.000 claims description 27
- 238000013475 authorization Methods 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 10
- 230000008901 benefit Effects 0.000 description 6
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/2854—Wide area networks, e.g. public data networks
- H04L12/2856—Access arrangements, e.g. Internet access
- H04L12/2869—Operational details of access network equipments
- H04L12/287—Remote access server, e.g. BRAS
- H04L12/2874—Processing of data for distribution to the subscribers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0892—Network architectures or network communication protocols for network security for authentication of entities by using authentication-authorization-accounting [AAA] servers or protocols
Definitions
- the present invention relates to the field of telecommunications, and in particular to a system and an implementation method for multiservice access.
- Multiservice provisioning has been a development trend of the field.
- there are two types of architecture which support multiservice single-edge architecture and multi-edge architecture.
- Figure 1 illustrates a structural diagram of the prior art, in the case of single-edge, supporting multiservice. As illustrated in Figure 1 , single-edge technique in the prior art supports a multiservice scenario.
- an access node (AN) 104 corresponds with a single broadband remote access server (BRAS) 102 to which all service providers, i.e. service providing nodes, are connected.
- the access server controls user selections of service providing nodes 106 and processes subsequent service flows. Once a new service is added, a corresponding feature support should be added at the access server 102. Authentication of a user 108 and control of selections of service providers 106 are also done at the access server 102.
- the single-edge technique illustrated in Figure 1 has the following disadvantages: because of the variety of service features provided by different service providers, the access server is required to support every service feature, and control flows such as authentication and accounting of all users will pass the access server; therefore the access server is required to support numerous functions, which leads to poor extensibility, and becomes a bottleneck of the whole network.
- Figure 2 illustrates a structural diagram of the prior art, in the case of multi-edge, supporting multiservice. As illustrated in Figure 2 , multi-edge technique in the prior art supports a multiservice scenario.
- broadband network gateways (BNGs) 202 are edges of the access network. Selections of service providers, i.e. service providing nodes 206, are done by an AN 204, and related functions such as authentication, authorization, accounting, policy distribution and Internet Protocol (IP) address allocation are supported by the BNGs 202.
- IP Internet Protocol
- the multi-edge technique illustrated in Figure 2 has the drawback that, the BNGs not only forward services, but also perform authentication and control of services. In the case of multi-edge, these control functions are separated among each BNG, so that centralized control of the access network is difficult to achieve. In addition, the AN would be difficult to implement because it is required to have the AN implement the function of network selection.
- a BRAS is the network edge node at which user authentication, authorization and control are performed collectively.
- the BRAS has a single connection with an AN, and can perform QoS control of the AN based on a policy.
- the BRAS also connects multiple service providing nodes, selections of the service providing nodes and support for various services are all implemented on the BRAS.
- the BRAS is also the only node where various edge services are initiated.
- the network edge node is the only device in the access network that implements both control and bearing functions; and that the network edge node is required to support a variety of services. Therefore, in the case of single-edge, the functions of the network edge node are complex, difficult to be implemented or extended, and easy to cause single point of failure.
- a multi-edge architecture different network edge nodes correspond to and can be optimized for different services.
- Such a multi-edge architecture is good for extensions of services, and simplifies the implementation of network edge nodes.
- new problems of centralized control of users by network edges and selections of network edge nodes by users are raised.
- WO 2004/093407 A1 discloses a node of a communications network which establishes multiple simultaneous access bearers for providing different types of services to a stationary equipment unit which is connected to the node by an essentially fixed location physical link.
- the multiple simultaneous access bearers can be different bandwidths and quality of service capabilities.
- EP-A-1 357 720 discloses a method for free disposition of users, without restrictions on users identifiers, among a plurality of AAA servers within an ISP network for allowing AAA service network scalability and for hiding the AAA service network configuration to external AAA clients.
- An objective of the present invention is to provide to a system and an implementation method for multiservice access, to solve the above problems which arise with multiservice access.
- a system for multiservice access including:
- An embodiment of the present invention further provides a method for separation of control and bearing, including:
- an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture. Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs.
- technical benefits brought by embodiments of the present invention include the following:
- Figure 1 is a structural diagram of the prior art, in the case of single-edge, supporting multiservice.
- Figure 2 is a structural diagram of the prior art, in the case of multi-edge, supporting multiservice.
- Figure 3 is a structural diagram of a multi-edge system with separation of control and bearing according to an embodiment of the present invention
- Figure 4 is a schematic diagram illustrating a process of a user accessing a network according to an embodiment of the present invention
- FIG. 5 is a schematic diagram illustrating a process of a user accessing a network according to an embodiment of the present invention (IP edge is used as a relay for address allocation);
- Figure 6 is a flow chart of a method for separation of control and bearing under multi-edge architecture according to an embodiment of the present invention
- Figure 7 is a schematic diagram illustrating a process of user access in a multi-edge system under 802.1x, according to an embodiment of the present invention
- Figure 8 is a schematic diagram illustrating a process of user access in a multi-edge system under 802.1x, according to another embodiment of the present invention.
- an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture.
- a control device is created to implement control functions such as authentication, authorization and policy distribution; multiple edge devices corresponding to different service providing nodes are set up at network edges, the edge devices may perform bearing-related processing only.
- the idea of separating control and bearing under multi-edge architecture may benefit extensions of services, implement centralized control of user access, and simplify the complexity under multi-edge architecture.
- Figure 3 is a structural diagram of a multi-edge system with separation of control and bearing according to an embodiment of the present invention
- Figure 6 is a flow chart of a method for separation of control and bearing under multi-edge architecture according to an embodiment of the present invention.
- a system with separation of control and bearing under multi-edge architecture is provided according to an embodiment of the present invention, Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs.
- the system for multiservice access with separation of control and bearing 300 as illustrated in Figure 3 includes:
- the multi-edge system with separation of control and bearing includes a single device of controller 302 which implements control functions such as authentication, authorization and policy distribution; multiple edge nodes, i.e. IP edge devices 307, corresponding to different service providing nodes (SPs) 306, are set up at network edges, the edge nodes 307 may perform bearing-related processing only.
- control functions such as authentication, authorization and policy distribution
- multiple edge nodes i.e. IP edge devices 307, corresponding to different service providing nodes (SPs) 306, are set up at network edges, the edge nodes 307 may perform bearing-related processing only.
- SPs service providing nodes
- IP edge devices 307 In the architecture, entities of control functions such as AAA (authentication, authorization and accounting), network edge selection and policy distribution, are separated from the network edge devices (IP edge devices) 307 and form a single device, i.e., the controller 302; access nodes 304 have the function of separating control flow and service flow, and direct the control flow to the controller; the IP edge devices 307 handle service-related functions only, such as IPTV and VoIP (Voice-over-Internet Protocol).
- AAA authentication, authorization and accounting
- IP edge devices 307 handle service-related functions only, such as IPTV and VoIP (Voice-over-Internet Protocol).
- the service providing nodes 306 perform user authentication, accounting, IP address allocation and service provisioning. There are fixed control channels between the controller and the IP edge devices via which control flows are transmitted.
- the method for multiservice access with separation of control and bearing as illustrated in Figure 6 includes the following steps:
- Step S602 A service request of a user is received by a access node, control flow and service flow of the service request are separated, the control flow is sent to a controller and the service flow is sent to a corresponding edge node based on control by the controller;
- Step S604 The control flow is processed by the controller, so as to control routing of the service flow.
- Step S606 The service flow is submitted to a corresponding service providing node by the edge node, based on control by the controller.
- Figure 4 illustrates a process of a user accessing a network according to an embodiment of the present invention.
- the process of a user accessing a network includes:
- the AN may forward the message of the address allocation process as service flow directly to the IP edge device which may function as a relay for user address allocation.
- the IP edge device which may function as a relay for user address allocation.
- Such a procedure of a user accessing a network may suit a scenario where one IP edge device corresponds to one service providing node.
- the access process is illustrated as Figure 5 .
- FIG. 5 illustrates a process of a user accessing a network according to an embodiment of the present invention (IP edge is used as a relay for address allocation).
- the process of user address allocation includes: a user initiates a request for address allocation after the user passes authentication, an access node sends the request as a service message to an edge node, the edge node relays the request message for address allocation to a service providing node corresponding to the edge node.
- the access node 504 at least includes: a flow separation entity, a QoS and policy execution entity, and a path establishment execution entity.
- the flow separation entity is adapted to separate control flow and service flow, direct the control flow to the controller 502 and direct the service flow to the IP edge device.
- the QoS and policy execution entity is adapted to execute QoS and polices distributed by the controller 502.
- the path establishment execution entity is adapted to execute strategies of path establishment by the controller 502.
- the controller 502 at least includes any one or a combination of: an AAA controller, a path controller, a policy controller and an address allocation controller.
- the AAA controller is adapted to function as a client or proxy of user authentication, authorization and accounting; that is, the AAA controller is involved in processing of user authentication, authorization and accounting.
- the path controller is adapted to select an edge node based on result of user authentication.
- the policy controller is adapted to distribute QoS and policies.
- the address allocation controller functions as a client or proxy of user address allocation.
- the IP edge device 507 at least includes any one or a combination of: a routing entity and a service-related entity.
- the routing entity implements a routing function for service flow, i.e., the routing entity routes the service flow received by the IP edge device 507 to a corresponding service providing node based on control by the controller.
- the service-related entity implements service-related functions (e.g., VoIP and multicast). That is, the service-related entity performs service-related operations.
- service-related functions e.g., VoIP and multicast. That is, the service-related entity performs service-related operations.
- the service providing node 507 at least includes any one or a combination of an AAA server and an address allocation server (e.g. DHCP server).
- Figure 7 illustrates a process of user access in a multi-edge system under 802.1x, according to an embodiment of the present invention.
- a multi-edge architecture with separation of control and bearing can be implemented by 802.1x and DHCP
- 802.1x is a port-based authentication protocol.
- a port can be either a physical port or a logical port (e.g., VLAN (Virtual Local Area Networks), VCC (Virtual Channel Connection)).
- VLAN Virtual Local Area Networks
- VCC Virtual Channel Connection
- 802.1x is a protocol with separation of control and bearing;
- a 802. 1x authentication system includes: a supplicant system, an authenticator system and an AAA server system.
- the 802.1x system can be slightly modified.
- An AN sends all control messages (e.g., 802.1x and DHCP messages) to a controller, the controller functions as an authenticator and a DHCP relay/proxy, a service provider manages the AAA server and the DHCP server.
- the AAA protocol can be RADIUS or Diameter.
- EAP-MD5 based 802.1x authentication is employed and IP addresses are allocated by DHCP, a whole process of user access can be illustrated as Figure 7 .
- the whole process of user access can be divided into three phases:
- Phase 1 user AAA process: a user initiates a request for authentication, an AN identifies a 802.1x message and sends the message to a controller, the controller translates between 802.1x and an AAA protocol (e.g., RADIUS or Diameter) as an authenticator, and selects an AAA server of a corresponding service providing node for authentication based on a user identity in an EAP message of the 802.1x message.
- the controller obtains information such as DHCP server address and user profile (including QoS and policies) after the authentication is passed. Based on the information, the controller configures QoS and policies of the AN and the IP edge device accordingly, and establishes a path for service flow between the AN and the IP edge device.
- an AAA protocol e.g., RADIUS or Diameter
- Phase 2 user address allocation process: the user initiates an IP address request, the AN identifies a DHCP message and send the message to the controller, the controller functions as a relay of the user DHCP message or a proxy of a DHCP message of the DHCP server according to the DHCP server address obtained after the aforementioned authentication.
- a message of service flow accesses the service providing node via the established path between the AN and the IP edge device after the authentication and the address allocation.
- Figure 8 illustrates a process of user access in a multi-edge system under 802.1x, according to another embodiment of the present invention.
- a multi-edge architecture with separation of control and bearing can be implemented by 802.1x and DHCP, of which DHCP relay/proxy function is set up on an IP edge device.
- an AN may simply forwards 802.1x messages to a controller, and an AAA server is not required to send a DHCP server address to the controller.
- a detailed procedure can be illustrated as Figure 8 , which will not be further described.
- the architecture is suitable for the case that one IP edge device corresponds to one service providing node.
- the IP edge device can be statically configured with a DHCP server address, so that the IP edge device may function as a DHCP relay/proxy.
- an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture. Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs.
- technical benefits brought by embodiments of the present invention includes the following:
- every module or step in the above embodiments can be implemented with a general-purpose computing apparatus. They can be placed together at a single computing apparatus or distributed in a network of multiple computing apparatuses. Optionally, they can be implemented with executable program code by a computing apparatus, so that they can be stored in a storage apparatus for a computing apparatus to execute; or they can be made into respective integrated circuit modules; or multiple module or steps of them can be implemented into a single integrated circuit module. Therefore the present invention is not limited to any specific combination of hardware and software. It should be noted that variations of the embodiments would be apparent for those skilled in the art without departing from the scope of the present invention.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Description
- The present invention relates to the field of telecommunications, and in particular to a system and an implementation method for multiservice access.
- Multiservice provisioning has been a development trend of the field. At present, there are two types of architecture which support multiservice, single-edge architecture and multi-edge architecture.
- Support for multiservice scenarios by single-edge technique and multi-edge technique in the prior art will be described hereinafter with reference to
Figure 1 and Figure 2 , respectively. -
Figure 1 illustrates a structural diagram of the prior art, in the case of single-edge, supporting multiservice. As illustrated inFigure 1 , single-edge technique in the prior art supports a multiservice scenario. - As can be seen from
Figure 1 , an access node (AN) 104 corresponds with a single broadband remote access server (BRAS) 102 to which all service providers, i.e. service providing nodes, are connected. The access server controls user selections ofservice providing nodes 106 and processes subsequent service flows. Once a new service is added, a corresponding feature support should be added at theaccess server 102. Authentication of auser 108 and control of selections ofservice providers 106 are also done at theaccess server 102. - The single-edge technique illustrated in
Figure 1 has the following disadvantages: because of the variety of service features provided by different service providers, the access server is required to support every service feature, and control flows such as authentication and accounting of all users will pass the access server; therefore the access server is required to support numerous functions, which leads to poor extensibility, and becomes a bottleneck of the whole network. -
Figure 2 illustrates a structural diagram of the prior art, in the case of multi-edge, supporting multiservice. As illustrated inFigure 2 , multi-edge technique in the prior art supports a multiservice scenario. - As can be seen from
Figure 2 , broadband network gateways (BNGs) 202 are edges of the access network. Selections of service providers, i.e.service providing nodes 206, are done by anAN 204, and related functions such as authentication, authorization, accounting, policy distribution and Internet Protocol (IP) address allocation are supported by theBNGs 202. The benefit of multi-edge technique is that, different BNGs can be provided to implement different types of services, which makes services easy to be extended. - The multi-edge technique illustrated in
Figure 2 has the drawback that, the BNGs not only forward services, but also perform authentication and control of services. In the case of multi-edge, these control functions are separated among each BNG, so that centralized control of the access network is difficult to achieve. In addition, the AN would be difficult to implement because it is required to have the AN implement the function of network selection. - In a single-edge architecture, a BRAS is the network edge node at which user authentication, authorization and control are performed collectively. The BRAS has a single connection with an AN, and can perform QoS control of the AN based on a policy. The BRAS also connects multiple service providing nodes, selections of the service providing nodes and support for various services are all implemented on the BRAS. As the only edge control node, the BRAS is also the only node where various edge services are initiated. Accordingly, the network edge node is the only device in the access network that implements both control and bearing functions; and that the network edge node is required to support a variety of services. Therefore, in the case of single-edge, the functions of the network edge node are complex, difficult to be implemented or extended, and easy to cause single point of failure.
- However in a multi-edge architecture, different network edge nodes correspond to and can be optimized for different services. Such a multi-edge architecture is good for extensions of services, and simplifies the implementation of network edge nodes. But new problems of centralized control of users by network edges and selections of network edge nodes by users are raised. Because of the variety of network edges, it would be a problem for the edge nodes to coordinate user control; and that it is required by the architecture for an AN to select network edge nodes, which increases the complexity of the implementation of the AN, meanwhile the implementation of control functions by the edge nodes is not simplified.
-
WO 2004/093407 A1 discloses a node of a communications network which establishes multiple simultaneous access bearers for providing different types of services to a stationary equipment unit which is connected to the node by an essentially fixed location physical link. Advantageously, the multiple simultaneous access bearers can be different bandwidths and quality of service capabilities. - D2 (
WO 00/79742 A - D3 (
EP-A-1 357 720 ) discloses a method for free disposition of users, without restrictions on users identifiers, among a plurality of AAA servers within an ISP network for allowing AAA service network scalability and for hiding the AAA service network configuration to external AAA clients. - An objective of the present invention is to provide to a system and an implementation method for multiservice access, to solve the above problems which arise with multiservice access.
- According to an aspect of the present invention, a system for multiservice access is provided, including:
- at least one access node, adapted to receive a message of a user, separate control flow and service flow of the message, send the control flow to a controller, and send the service flow to a corresponding edge node based on control by the controller;
- the controller, adapted to process the control flow, so as to control the access node to send the service flow to the corresponding edge node, and control the corresponding edge node to process the service flow, wherein the controller is further adapted to select, based on a user identity in an EAP message of an 802. 1x message, a service providing node for authentication, the service providing node comprising an Authentication, Authorization and Accounting, AAA server, and the controller is further adapted to obtain from the AAA server an address of an address allocation server, a Quality of Service, QoS, parameter, and a policy; and
- at least one edge node, adapted to transmit the received service flow to a corresponding service providing node based on control by the controller.
- An embodiment of the present invention further provides a method for separation of control and bearing, including:
- receiving, by an access node, a message of a user, separating control flow and service flow of the message, sending the control flow to a controller, and sending the service flow to a corresponding edge node based on control by the controller;
- processing the control flow, by the controller, to control the access node to send the service flow to the corresponding edge node, and controlling the corresponding edge node to process the service flow; and
- transmitting, by the edge node, the received service flow to a corresponding service providing node based on control by the controller,
- wherein the method further comprises:
- selecting, by the controller, based on a user identity in an EAP message of an 802.1x message, a service providing node for authentication wherein the service providing node comprises an Authentication, Authorization and Accounting, AAA server, and
- obtaining, by the controller, from the AAA server an address of an address allocation server, a Quality of Service, QoS, parameter, and a policy.
- As can be seen from the above solutions, an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture. Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs. Particularly, technical benefits brought by embodiments of the present invention include the following:
- 1. A method for separation of control and bearing is applied in the access network, therefore the architecture may suit various cases of service access, and network edges may deal with service-related matters only, which is good for extensions of services;
- 2. User access is controlled collectively by a controller, therefore the situation where centralized control and management of users can not be achieved in an access network in the case of multi-edge is avoided, and interactions between edges are reduced; and
- 3. The complexities of AN devices and network edge devices under multi-edge architecture are simplified, so that selections of networks and establishment of paths are controlled collectively by a controller; ANs may simply separate control flow and bearing flow, and network edge devices can perform processing of corresponding services only.
- Other features and advantages of embodiments of the present invention will be described in the description hereinafter, parts of which may become apparent based on the description or understood by implementing the embodiments. The advantages of the embodiments of the present invention can be realized or obtained by structures indicated in the description, the claims and the drawings.
-
Figure 1 is a structural diagram of the prior art, in the case of single-edge, supporting multiservice. -
Figure 2 is a structural diagram of the prior art, in the case of multi-edge, supporting multiservice. -
Figure 3 is a structural diagram of a multi-edge system with separation of control and bearing according to an embodiment of the present invention; -
Figure 4 is a schematic diagram illustrating a process of a user accessing a network according to an embodiment of the present invention; -
Figure 5 is a schematic diagram illustrating a process of a user accessing a network according to an embodiment of the present invention (IP edge is used as a relay for address allocation); -
Figure 6 is a flow chart of a method for separation of control and bearing under multi-edge architecture according to an embodiment of the present invention; -
Figure 7 is a schematic diagram illustrating a process of user access in a multi-edge system under 802.1x, according to an embodiment of the present invention; -
Figure 8 is a schematic diagram illustrating a process of user access in a multi-edge system under 802.1x, according to another embodiment of the present invention. - Embodiments of the present invention will be described in details with reference to the drawings.
- In order to solve aforementioned problems, an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture. In the system, a control device is created to implement control functions such as authentication, authorization and policy distribution; multiple edge devices corresponding to different service providing nodes are set up at network edges, the edge devices may perform bearing-related processing only. The idea of separating control and bearing under multi-edge architecture may benefit extensions of services, implement centralized control of user access, and simplify the complexity under multi-edge architecture.
-
Figure 3 is a structural diagram of a multi-edge system with separation of control and bearing according to an embodiment of the present invention;Figure 6 is a flow chart of a method for separation of control and bearing under multi-edge architecture according to an embodiment of the present invention. - A system with separation of control and bearing under multi-edge architecture is provided according to an embodiment of the present invention, Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs. The system for multiservice access with separation of control and bearing 300 as illustrated in
Figure 3 includes: - access nodes (AN, also known as access points) 304, adapted to receive a service request of a user, separate control flow and service flow of the service request, send the control flow to a
controller 302, and send the service flow to acorresponding edge node 307 based on routing control by thecontroller 302; - the
controller 302, adapted to process the control flow, so as to determine routing of the service flow; and - edge nodes (i.e., IP edge devices) 307, adapted to submit the service flow to the
nodes 306. - Particularly, as shown in
Figure 3 , the multi-edge system with separation of control and bearing includes a single device ofcontroller 302 which implements control functions such as authentication, authorization and policy distribution; multiple edge nodes, i.e.IP edge devices 307, corresponding to different service providing nodes (SPs) 306, are set up at network edges, theedge nodes 307 may perform bearing-related processing only. - In the architecture, entities of control functions such as AAA (authentication, authorization and accounting), network edge selection and policy distribution, are separated from the network edge devices (IP edge devices) 307 and form a single device, i.e., the
controller 302;access nodes 304 have the function of separating control flow and service flow, and direct the control flow to the controller; theIP edge devices 307 handle service-related functions only, such as IPTV and VoIP (Voice-over-Internet Protocol). - The
service providing nodes 306 perform user authentication, accounting, IP address allocation and service provisioning. There are fixed control channels between the controller and the IP edge devices via which control flows are transmitted. - The method for multiservice access with separation of control and bearing as illustrated in
Figure 6 includes the following steps: - Step S602: A service request of a user is received by a access node, control flow and service flow of the service request are separated, the control flow is sent to a controller and the service flow is sent to a corresponding edge node based on control by the controller;
- Step S604: The control flow is processed by the controller, so as to control routing of the service flow; and
- Step S606: The service flow is submitted to a corresponding service providing node by the edge node, based on control by the controller.
-
Figure 4 illustrates a process of a user accessing a network according to an embodiment of the present invention. - As illustrated in
Figure 4 , in the above architecture with separation of control and bearing, the process of a user accessing a network according to an embodiment of the present invention includes: - 1. User authentication process: A user initiates an authentication request, an access node directs the authentication request to a controller, the controller selects a service providing node in the edge for authentication during which address information of an address allocation server (DHCP server) is acquired, if the authentication is passed, the controller performs operations which include but not limited to:
- A. selecting an IP edge device which can reach the network of a corresponding service providing node. In the case of multiple service providing nodes corresponding to the IP edge device, instructing the IP edge device to select an appropriate egress;
- B. establishing a path between a physical/logical circuit that the user accesses and the selected IP edge device via the AN;
- C. distributing initial QoS parameters or policies to the AN and the IP edge device.
Information that the controller obtains during the user authentication process may include any one or a combination of: address of a DHCP server, QoS parameter, policy of a user accessing a network, IP address of a DNS server, IP address of a WINS (Windows Internet Name Service) server, IP address of a P-CSCF (Proxy-Call Session Control Function) server. - 2. User address allocation process: The user initiates a request for address allocation after the authentication is passed; the AN directs the request as a control message to the controller; the controller relays the request message for address allocation to a corresponding SP based on the information obtained during the authentication (e.g., address of a DHCP server), and completes the process of user address allocation.
- 3. User service forwarding: Subsequent service flows are forwarded based on the path established between the AN and the IP edge device after the completion of user authentication and address allocation.
- With respect to the process of user address allocation in the above procedure, the AN may forward the message of the address allocation process as service flow directly to the IP edge device which may function as a relay for user address allocation. Such a procedure of a user accessing a network may suit a scenario where one IP edge device corresponds to one service providing node. The access process is illustrated as
Figure 5 . -
Figure 5 illustrates a process of a user accessing a network according to an embodiment of the present invention (IP edge is used as a relay for address allocation). - The process of a user accessing a network according to
Figure 5 differs fromFigure 4 in the user address allocation process. - In the embodiment illustrated by
Figure 5 , the process of user address allocation includes: a user initiates a request for address allocation after the user passes authentication, an access node sends the request as a service message to an edge node, the edge node relays the request message for address allocation to a service providing node corresponding to the edge node. - In the system with separation of control and bearing 400 as illustrated in
Figure 4 and the system with separation of control and bearing 500 as illustrated inFigure 5 , functions implemented by each device are as follows: - The
access node 504 at least includes: a flow separation entity, a QoS and policy execution entity, and a path establishment execution entity. - The flow separation entity is adapted to separate control flow and service flow, direct the control flow to the
controller 502 and direct the service flow to the IP edge device. - The QoS and policy execution entity is adapted to execute QoS and polices distributed by the
controller 502. - The path establishment execution entity is adapted to execute strategies of path establishment by the
controller 502. - The
controller 502 at least includes any one or a combination of: an AAA controller, a path controller, a policy controller and an address allocation controller. - The AAA controller is adapted to function as a client or proxy of user authentication, authorization and accounting; that is, the AAA controller is involved in processing of user authentication, authorization and accounting.
- The path controller is adapted to select an edge node based on result of user authentication.
- The policy controller is adapted to distribute QoS and policies.
- The address allocation controller functions as a client or proxy of user address allocation.
- The
IP edge device 507 at least includes any one or a combination of: a routing entity and a service-related entity. - The routing entity implements a routing function for service flow, i.e., the routing entity routes the service flow received by the
IP edge device 507 to a corresponding service providing node based on control by the controller. - The service-related entity implements service-related functions (e.g., VoIP and multicast). That is, the service-related entity performs service-related operations.
- The
service providing node 507 at least includes any one or a combination of an AAA server and an address allocation server (e.g. DHCP server). -
Figure 7 illustrates a process of user access in a multi-edge system under 802.1x, according to an embodiment of the present invention. - According to an embodiment of the present invention, a multi-edge architecture with separation of control and bearing can be implemented by 802.1x and DHCP
- As a method and policy for authenticating a user, 802.1x is a port-based authentication protocol. A port can be either a physical port or a logical port (e.g., VLAN (Virtual Local Area Networks), VCC (Virtual Channel Connection)). The ultimate objective of 802.1x authentication is to determine whether a port is available. With respect to a port, if the authentication is passed, the port will be "opened" and all messages are permitted to pass through; if the authentication is failed, the port will be kept "closed" and only 802.1x authentication protocol messages are permitted to pass through.
- Therefore, 802.1x is a protocol with separation of control and bearing; a 802. 1x authentication system includes: a supplicant system, an authenticator system and an AAA server system. In a multi-edge architecture with separation of control and bearing, the 802.1x system can be slightly modified. An AN sends all control messages (e.g., 802.1x and DHCP messages) to a controller, the controller functions as an authenticator and a DHCP relay/proxy, a service provider manages the AAA server and the DHCP server. The AAA protocol can be RADIUS or Diameter. In the case that EAP-MD5 based 802.1x authentication is employed and IP addresses are allocated by DHCP, a whole process of user access can be illustrated as
Figure 7 . - The whole process of user access can be divided into three phases:
-
Phase 1, user AAA process: a user initiates a request for authentication, an AN identifies a 802.1x message and sends the message to a controller, the controller translates between 802.1x and an AAA protocol (e.g., RADIUS or Diameter) as an authenticator, and selects an AAA server of a corresponding service providing node for authentication based on a user identity in an EAP message of the 802.1x message. The controller obtains information such as DHCP server address and user profile (including QoS and policies) after the authentication is passed. Based on the information, the controller configures QoS and policies of the AN and the IP edge device accordingly, and establishes a path for service flow between the AN and the IP edge device. -
Phase 2, user address allocation process: the user initiates an IP address request, the AN identifies a DHCP message and send the message to the controller, the controller functions as a relay of the user DHCP message or a proxy of a DHCP message of the DHCP server according to the DHCP server address obtained after the aforementioned authentication. - At
phase 3, a message of service flow accesses the service providing node via the established path between the AN and the IP edge device after the authentication and the address allocation. -
Figure 8 illustrates a process of user access in a multi-edge system under 802.1x, according to another embodiment of the present invention. - According to another embodiment of the present invention, a multi-edge architecture with separation of control and bearing can be implemented by 802.1x and DHCP, of which DHCP relay/proxy function is set up on an IP edge device.
- If DHCP relay/proxy function is set up on an IP edge device, an AN may simply forwards 802.1x messages to a controller, and an AAA server is not required to send a DHCP server address to the controller. A detailed procedure can be illustrated as
Figure 8 , which will not be further described. - The architecture is suitable for the case that one IP edge device corresponds to one service providing node. Instead of selecting a DHCP server, the IP edge device can be statically configured with a DHCP server address, so that the IP edge device may function as a DHCP relay/proxy.
- As can be seen from the above descriptions, an embodiment of the present invention provides a system with separation of control and bearing under multi-edge architecture. Multi-edge service bearing and centralized control are combined, so that the system is extensible for various services and centralized user control can be achieved without complicating the implementation of ANs. Particularly, technical benefits brought by embodiments of the present invention includes the following:
- 1. A method for separation of control and bearing is applied in the access network; therefore the architecture may suit various cases of service access, and network edges may deal with service-related matters only, which is good for extensions of services;
- 2. User access is controlled collectively by a controller; therefore the situation where centralized control and management of users can not be achieved in an access network in the case of multi-edge is avoided, and interactions between edges are reduced; and
- 3. The complexities of AN devices and network edge devices under multi-edge architecture are simplified, so that selections of networks and establishment of paths are controlled collectively by a controller, ANs may simply separates control flow and bearing flow, and network edge devices can perform processing of corresponding services only.
- It should be understood by those skilled in the art that every module or step in the above embodiments can be implemented with a general-purpose computing apparatus. They can be placed together at a single computing apparatus or distributed in a network of multiple computing apparatuses. Optionally, they can be implemented with executable program code by a computing apparatus, so that they can be stored in a storage apparatus for a computing apparatus to execute; or they can be made into respective integrated circuit modules; or multiple module or steps of them can be implemented into a single integrated circuit module. Therefore the present invention is not limited to any specific combination of hardware and software. It should be noted that variations of the embodiments would be apparent for those skilled in the art without departing from the scope of the present invention.
- The description above is merely embodiments of the invention, but not intended to limit the present invention. To those skilled in the art, various modifications and variations of the invention can be implemented. Any modification, equivalent alternative, or improvement within the scope of the invention should be included in the scope of the invention.
Claims (13)
- A system for multiservice access, characterized by comprising:at least one access node (304), adapted to receive a message of a user, separate control flow and service flow of the message, send the control flow to a controller (302), and send the service flow to a corresponding edge node (307) based on control by the controller(302);the controller (302), adapted to process the control flow, so as to control the access node (304) to send the service flow to the corresponding edge node (307), and control the corresponding edge node to process the service flow, wherein the controller (302) is further adapted to select, based on a user identity in an Extensible Anthentication Protocol, EAP, message of an 802. 1x message, a service providing node (306) for authentication, the service providing node (306) comprising an Authentication, Authorization and Accounting, AAA server, and the controller (302) is further adapted to obtain from the AAA server an address of an address allocation server, a Quality of Service, QoS, parameter, and a policy; andat least one edge node (307), adapted to transmit the received service flow to the corresponding service providing node (306) based on control by the controller (302).
- The system according to claim 1, characterized in that the access node (304) comprises:a flow separation entity, adapted to separate control flow and service flow of the message received by the access node (304);a QoS and policy execution entity, adapted to execute QoS and a policy distributed by the controller (302); anda path establishment execution entity, adapted to execute a strategy of path establishment between the access node (304) and the edge node (307) distributed by the controller(302).
- The system according to claim 1,characterized in that the controller (302) comprises at least one of:an AAA controller, adapted to function as a client or proxy of user authentication, authorization and accounting;a path controller, adapted to select an edge node (307) based on result of user authentication;a policy controller, adapted to distribute QoS and a policy; andan address allocation controller, adapted to function as a client or proxy of user address allocation.
- The system according to claim 1, characterized in that the edge node (307) comprises at least one of:a routing entity, adapted to route the service flow received by the edge node (307) to the corresponding service providing node (306) based on control by the controller (302); anda service-related entity, adapted to perform a service-related operation.
- The system according to claim 1, characterized in that the service providing node (306) further comprises an address allocation server.
- A method for separation of control and bearing, characterized by comprising:receiving, by an access node, a message of a user, separating control flow and service flow of the message, sending the control flow to a controller, and sending the service flow to a corresponding edge node based on control by the controller;processing the control flow, by the controller, to control the access node to send the service flow to the corresponding edge node, and controlling the corresponding edge node to process the service flow; andtransmitting, by the edge node, the received service flow to a corresponding service providing node based on control by the controller,wherein the method further comprises:selecting, by the controller, based on a user identity in an Extensible Anthentication ProtocOl, EAP, message of an 802.1x message, a service providing node for authentication wherein the service providing node comprises an Authentication, Authorization and Accounting, AAA server, andobtaining, by the controller, from the AAA server an address of an address allocation server, a Quality of Service, QoS parameter, and a policy.
- The method for separation of control and bearing according to claim 6, characterized in that the method further comprises:transmitting, by the controller, control flow for user authentication and/or user address allocation, to the edge node, via a fixed control channel between the controller and the edge node; andtransmitting, by the edge node, the control flow to the service providing node.
- The method for separation of control and bearing according to claim 6, characterized in that the method further comprises:receiving, by a service providing node, an authentication request of a user sent by the controller, and authenticating the user;receiving, by the service providing node, an address allocation request of the user sent by the controller or the edge node, and allocating an address for the user if the user passes the authentication;controlling, by the controller, establishment of a path between the access node and the edge node, for the user.
- The method according to claim 8, characterized in that
the authentication of the user comprises:sending, by the access node, the authentication request initiated by the user to the controller, and selecting, by the controller, a service providing node corresponding to the corresponding edge node for authentication based on a related identifier or attribute of the user; and/orthe address allocation for the user comprises:directing, by the access node, the address allocation request initiated by the user to the controller as a control message, and forwarding, by the controller, the address allocation request message to a corresponding service providing node; orsending, by the access node, the address allocation request initiated by the user to the edge node as a service message, and forwarding, by the edge node, the address allocation request message to a service providing node corresponding to the edge node. - The method according to claim 8, characterized in that operations that the controller performs after the authentication is passed comprise at least one of:selecting an edge node which can reach a corresponding service providing node, and in the case of one edge node corresponding to multiple service providing nodes, instructing the edge node to select an appropriate service providing node;controlling establishment of a path between a physical/logical circuit that the user accesses and the edge node via the access node;distributing a QoS parameter and/or a policy to the access node and the edge node;performing relaying and proxying of the address allocation request of the user.
- The method according to claim 8, characterized in that the system supports 802.1x communication protocol.
- The method according to claim 11, characterized in that
the access node performs a control operation of port closing and opening according to 802.1x communication protocol, the controller performs a processing operation according to 802.1x communication protocol; or
the access node performs a processing operation according to 802.1x communication protocol; the controller performs a control operation of port closing and opening according to 802.1x communication protocol. - The method according to claim 12, characterized in that the control operation of port closing and opening according to 802.1x communication protocol performed by the access node comprises:forwarding, by the access node, the control flow to the controller and discarding all the service flow, when the port is closed; andforwarding, by the access node, the control flow to the controller and forwarding the service flow to the edge node, when the port is open.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610101059A CN101102265B (en) | 2006-07-06 | 2006-07-06 | Control and carrier separation system and implementation method for multi-service access |
PCT/CN2007/070244 WO2008006317A1 (en) | 2006-07-06 | 2007-07-05 | A system and method for the multi-service access |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2040431A1 EP2040431A1 (en) | 2009-03-25 |
EP2040431A4 EP2040431A4 (en) | 2009-08-05 |
EP2040431B1 true EP2040431B1 (en) | 2012-12-26 |
Family
ID=38922947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07764172A Active EP2040431B1 (en) | 2006-07-06 | 2007-07-05 | A system and method for the multi-service access |
Country Status (5)
Country | Link |
---|---|
US (1) | US7934004B2 (en) |
EP (1) | EP2040431B1 (en) |
CN (1) | CN101102265B (en) |
ES (1) | ES2398591T3 (en) |
WO (1) | WO2008006317A1 (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101102265B (en) | 2006-07-06 | 2010-05-12 | 华为技术有限公司 | Control and carrier separation system and implementation method for multi-service access |
US20090129301A1 (en) * | 2007-11-15 | 2009-05-21 | Nokia Corporation And Recordation | Configuring a user device to remotely access a private network |
CN101360348B (en) * | 2008-08-25 | 2012-02-22 | 中兴通讯股份有限公司 | Establishing method for virtual control channel between head and tail node of service |
CN101626555B (en) * | 2009-08-03 | 2012-01-11 | 中兴通讯股份有限公司 | Method and device for allocating access numbers |
CN102263686B (en) * | 2010-05-25 | 2016-06-15 | 中兴通讯股份有限公司 | Method for controlling multiple operations under a kind of multiple edge framework and system |
CN102065099B (en) * | 2010-12-28 | 2013-07-24 | 北京神州泰岳软件股份有限公司 | Signaling and bearing separated communication system |
CN102882699B (en) * | 2011-07-14 | 2015-07-29 | 华为技术有限公司 | The distribution method of fringe node and device and fringe node controller |
US10230679B1 (en) | 2011-08-22 | 2019-03-12 | Star2Star Communications, LLC | Systems and methods for optimizing application data delivery over third party networks |
US10116709B1 (en) | 2011-08-22 | 2018-10-30 | Star2Star Communications, LLC | Systems and methods for optimizing application data delivery over third party networks |
US9106511B1 (en) | 2011-08-22 | 2015-08-11 | Star2Star Communications, LLC | Systems and methods for optimizing application data delivery over third party networks |
US9344397B2 (en) * | 2011-09-27 | 2016-05-17 | Aruba Networks, Inc. | Client aware DHCP lease management |
CN102347959B (en) * | 2011-11-18 | 2014-07-23 | 运软网络科技(上海)有限公司 | Resource access system and method based on identity and session |
WO2013090940A1 (en) * | 2011-12-16 | 2013-06-20 | Huawei Technologies Co., Ltd. | System and method for concurrent address allocation and authentication |
US9451393B1 (en) * | 2012-07-23 | 2016-09-20 | Amazon Technologies, Inc. | Automated multi-party cloud connectivity provisioning |
EP2713573A1 (en) * | 2012-09-27 | 2014-04-02 | British Telecommunications public limited company | Application layer session routing |
US10027586B2 (en) * | 2013-03-15 | 2018-07-17 | Star2Star Communications, LLC | Network address family translation method and system |
CN104469844B (en) * | 2013-09-16 | 2019-09-20 | 南京中兴新软件有限责任公司 | A kind of realize controls the method and access net system isolated with carrying |
CN104767677B (en) * | 2014-01-07 | 2018-05-04 | 上海诺基亚贝尔股份有限公司 | Access node system and the computing resource pool unit for the access node system |
CN108566451B (en) * | 2014-03-11 | 2021-05-14 | 华为技术有限公司 | Message processing method, access controller and network node |
CN113225238B (en) * | 2015-07-17 | 2022-08-26 | 华为技术有限公司 | Message transmission method, access node, access controller and access system |
CN106549798B (en) * | 2016-10-14 | 2019-04-16 | 重庆金美通信有限责任公司 | A method of network, which is constructed, in IP communication network manages bus |
US10263951B2 (en) * | 2017-01-09 | 2019-04-16 | Star2Star Communications, LLC | Network address family translation method and system |
CN107547431B (en) * | 2017-05-24 | 2020-07-07 | 新华三技术有限公司 | Message processing method and device |
CN110620706B (en) * | 2018-06-19 | 2021-11-19 | 中国移动通信有限公司研究院 | Parameter adjusting method and equipment |
CN110213116B (en) * | 2019-08-05 | 2019-11-26 | 迈普通信技术股份有限公司 | A kind of network system, method and the communication equipment of network service centralized processing |
CN112822114B (en) * | 2021-04-19 | 2021-07-02 | 军事科学院系统工程研究院网络信息研究所 | Routing control method, system and medium based on behavior tree |
Family Cites Families (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6006264A (en) * | 1997-08-01 | 1999-12-21 | Arrowpoint Communications, Inc. | Method and system for directing a flow between a client and a server |
AUPQ116399A0 (en) | 1999-06-23 | 1999-07-15 | Telefonaktiebolaget Lm Ericsson (Publ) | Multilevel precedence and pre-emption in a call and bearer separated networks |
CN1148032C (en) * | 2002-04-17 | 2004-04-28 | 广州市安普华德创新科技有限公司 | Signaling system of broadband multi-service communication network |
EP1357720B1 (en) | 2002-04-22 | 2005-12-14 | Telefonaktiebolaget LM Ericsson (publ) | User selector proxy, method and system for authentication, authorization and accounting |
JP4304362B2 (en) * | 2002-06-25 | 2009-07-29 | 日本電気株式会社 | PKI-compliant certificate confirmation processing method and apparatus, and PKI-compliant certificate confirmation processing program |
WO2004014045A1 (en) * | 2002-07-24 | 2004-02-12 | International Business Machines Corporation | Service class dependant asignment of ip addresses for cotrolling access to an d delivery of e-sevices |
TW200509628A (en) * | 2003-04-15 | 2005-03-01 | Ericsson Telefon Ab L M | Bandwidth on demand for media services at stationary equipment unit |
US7536460B2 (en) * | 2003-05-15 | 2009-05-19 | At&T Intellectual Property I, L.P. | Session and application level bandwidth and/or QoS modification |
KR100602260B1 (en) * | 2005-01-05 | 2006-07-19 | 삼성전자주식회사 | Method for fast handover |
CN100488263C (en) * | 2005-07-08 | 2009-05-13 | 北京邮电大学 | Intelligent external system based on control and use separation and having business generation ability |
CN101102265B (en) | 2006-07-06 | 2010-05-12 | 华为技术有限公司 | Control and carrier separation system and implementation method for multi-service access |
-
2006
- 2006-07-06 CN CN200610101059A patent/CN101102265B/en not_active Expired - Fee Related
-
2007
- 2007-07-05 EP EP07764172A patent/EP2040431B1/en active Active
- 2007-07-05 ES ES07764172T patent/ES2398591T3/en active Active
- 2007-07-05 WO PCT/CN2007/070244 patent/WO2008006317A1/en active Application Filing
-
2008
- 2008-12-22 US US12/341,529 patent/US7934004B2/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
ES2398591T3 (en) | 2013-03-20 |
US20090172174A1 (en) | 2009-07-02 |
US7934004B2 (en) | 2011-04-26 |
CN101102265A (en) | 2008-01-09 |
CN101102265B (en) | 2010-05-12 |
WO2008006317A1 (en) | 2008-01-17 |
EP2040431A1 (en) | 2009-03-25 |
EP2040431A4 (en) | 2009-08-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2040431B1 (en) | A system and method for the multi-service access | |
US11552863B2 (en) | Packet processing method, forwarding plane device and network device | |
US10015046B2 (en) | Methods and apparatus for a self-organized layer-2 enterprise network architecture | |
US10999094B2 (en) | Title-enabled networking | |
USRE46195E1 (en) | Multipath transmission control protocol proxy | |
EP2225663B1 (en) | Providing services to packet flows in a network | |
US8320388B2 (en) | Autonomic network node system | |
US7975058B2 (en) | Systems and methods for remote access of network devices having private addresses | |
US20070064704A1 (en) | Methods and systems for a distributed provider edge | |
WO2013170790A1 (en) | Method and system for accessing virtual network | |
US7630386B2 (en) | Method for providing broadband communication service | |
JP2007536851A (en) | Session-based packet switching equipment | |
JP2016506109A (en) | Network address translated device identification for device specific traffic flow steering | |
EP3583751B1 (en) | Method for an improved deployment and use of network nodes of a switching fabric of a data center or within a central office point of delivery of a broadband access network of a telecommunications network | |
EP2909993B1 (en) | Method and system for handling subscribers' network traffic | |
Matias et al. | Towards neutrality in access networks: A NANDO deployment with OpenFlow | |
WO2011147334A1 (en) | Method, device and system for providing virtual private network service | |
US20200287868A1 (en) | Systems and methods for in-band remote management | |
Matias et al. | Extending AAA operational model for profile-based access control in ethernet-based neutral access networks | |
Meijers | Two-Way Quality of Service Policy Enforcement Methods in Dynamically Formed Overlay Virtual Private Networks | |
Bernstein et al. | Understanding PPPoE and DHCP | |
Shingadia | Dynamic provisioning of subscribers on Alcatel-Lucent Platform IP Edge devices using ALU subscriber management solutions | |
Mort et al. | SatSix and Recent Standardisation Results in ETSI Broadband Satellite Multimedia (BSM) Networks | |
MXPA06003563A (en) | Quality of service control in a wireless local area network |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20081215 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK RS |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20090703 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 29/12 20060101ALI20090629BHEP Ipc: H04L 29/06 20060101ALI20090629BHEP Ipc: H04L 12/56 20060101AFI20090629BHEP Ipc: H04L 12/28 20060101ALI20090629BHEP |
|
17Q | First examination report despatched |
Effective date: 20091009 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
DAX | Request for extension of the european patent (deleted) | ||
GRAJ | Information related to disapproval of communication of intention to grant by the applicant or resumption of examination proceedings by the epo deleted |
Free format text: ORIGINAL CODE: EPIDOSDIGR1 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 590952 Country of ref document: AT Kind code of ref document: T Effective date: 20130115 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602007027652 Country of ref document: DE Effective date: 20130228 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FG2A Ref document number: 2398591 Country of ref document: ES Kind code of ref document: T3 Effective date: 20130320 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 590952 Country of ref document: AT Kind code of ref document: T Effective date: 20121226 |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: VDEP Effective date: 20121226 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130327 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130426 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130326 Ref country code: BE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20130426 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602007027652 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
26N | No opposition filed |
Effective date: 20130927 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
GBPC | Gb: european patent ceased through non-payment of renewal fee |
Effective date: 20130705 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: MM4A |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130731 Ref country code: GB Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130705 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130731 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602007027652 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012560000 Ipc: H04L0012801000 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602007027652 Country of ref document: DE Effective date: 20130927 Ref country code: DE Ref legal event code: R079 Ref document number: 602007027652 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012560000 Ipc: H04L0012801000 Effective date: 20140526 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130705 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20121226 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20130705 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20070705 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 12 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Ref document number: 602007027652 Country of ref document: DE Free format text: PREVIOUS MAIN CLASS: H04L0012801000 Ipc: H04L0047100000 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 16 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: ES Payment date: 20220803 Year of fee payment: 16 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: IT Payment date: 20230612 Year of fee payment: 17 Ref country code: FR Payment date: 20230620 Year of fee payment: 17 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20230531 Year of fee payment: 17 |
|
REG | Reference to a national code |
Ref country code: ES Ref legal event code: FD2A Effective date: 20240827 |